Building Resilient Data Systems with Microsoft Fabric
May 7, 2025Learning FOCUS: Commitment discounts
May 7, 2025
Azure Monitor’s managed service for Prometheus and Container Insights provide comprehensive monitoring for your Kubernetes environment. This blog explains about container insights features in detail.
When managing modern containerized workloads in Azure Kubernetes Service (AKS) observability is key. Azure Monitor Container Insights simplifies this by providing deep visibility into the health, performance, and resource utilization of your Kubernetes environment.
Container Insights collects telemetry data directly from your cluster and its components, including nodes, controllers, and containers. This data is automatically processed and made available through prebuilt dashboards and workbooks, allowing you to quickly identify trends, diagnose bottlenecks, and optimize your deployments.
Whether you’re operating in Azure, Container Insights empowers teams to:
- Monitor CPU and memory usage across nodes and workloads
- Track pod restarts and container failures
- Drill down into namespace-level resource usage
- Analyze trends with ready-to-use Log Analytics queries and visualizations
By integrating seamlessly with other Azure Monitor capabilities, Container Insights ensures your Kubernetes clusters are not just running—but running efficiently and reliably.
Fig 1: Data collection flow
How Container Insights and Managed Prometheus Work Behind the Scenes
When you enable Container Insights or Azure Monitor Managed Service for Prometheus on your Azure Kubernetes Service (AKS) cluster, a key component doing the heavy lifting is the Azure Monitor Agent for Linux, which is deployed as a containerized DaemonSet across all cluster nodes.
This lightweight, purpose-built agent is responsible for collecting both performance metrics and event logs from the underlying Kubernetes environment. It gathers insights from the node, container, and workload levels, ensuring complete visibility into the health and performance of your applications and infrastructure.
Automatic DCR Creation and Workspace Integration
As part of the onboarding process, the agent is automatically registered with a specified Log Analytics workspace or metrics workspace, depending on whether you’re enabling Container Insights, Prometheus, or both.
At the core of the data collection process is a Data Collection Rule (DCR). Once Container Insights is enabled, Azure Monitor provisions a DCR named using the convention:
MSCI–
This DCR defines exactly what data the Azure Monitor Agent should collect, including:
- Node and container performance metrics (CPU, memory, disk, etc.)
- Kubernetes control plane logs
- Prometheus scraping configurations (if Prometheus is enabled)
- Syslog or custom log collection configurations (optional)
Enabling Monitoring for Your AKS
To get started with monitoring in Azure Kubernetes Service (AKS), Azure provides straightforward CLI commands that let you enable monitoring with minimal setup.
When running these commands, you have the option to specify a Log Analytics workspace where monitoring data will be sent. If you choose not to provide one, Azure will automatically assign a default workspace based on the cluster’s resource group.
If a default workspace doesn’t already exist in the same region as your cluster, Azure will create one for you.
### Use default Log Analytics workspace
az aks enable-addons –addon monitoring –name –resource-group
### Use existing Log Analytics workspace
az aks enable-addons –addon monitoring –name –resource-group –workspace-resource-id
After enabling monitoring for your Kubernetes cluster, it’s important to confirm that the monitoring agents have been successfully deployed. These agents are typically delivered via DaemonSets, which ensure that a copy of the monitoring pod runs on every node in your Linux node pools.
You can verify the deployment by running the following command:
kubectl get ds ama-logs –namespace=kube-system
Configure log collection in Container insights
Azure Container Insights provides two key mechanisms to configure and control what telemetry data is collected from your Kubernetes clusters. The method you use can depend on the configuration you’re targeting—some scenarios give you a choice, while others require a specific approach.
Here’s an overview of both methods: This blog explains the DCR method
| Method | Description |
|---|---|
| Data Collection Rule (DCR) | Data Collection Rules are part of the Azure Monitor pipeline and define what data should be collected and where it should be sent. When you enable Container Insights, a default DCR is automatically created. You can customize this DCR through the Azure Portal, Azure CLI, ARM templates, or Bicep for fine-tuned data control. |
| ConfigMap | A ConfigMap is a Kubernetes-native configuration object used to store key-value pairs. Container Insights scans for specific ConfigMaps in the cluster that define which logs or metrics to collect. This method offers a cluster-local way to influence data collection directly from within Kubernetes. |
Configure data collection using DCR
The Azure portal offers multiple preset configurations for data collection in Container Insights, each designed to balance depth of insight with cost and performance. These presets vary in terms of the tables they collect from and the frequency of collection, allowing you to align monitoring with your operational priorities.
You also have the flexibility to fully customize your data collection settings—selecting only the specific metrics and logs you need.
- Go to the AKS Cluster in azure portal
- Select the Insights option in Cluster Monitoring section and click on monitor settings
3. Select the required cost preset
4. To customize the settings, edit collection settings and configure as per the requirements
5. Click Configure to save the settings.
Accessing and Querying Insights
Once enabled, navigate to:
- Azure Portal > Monitor > Insights > Containers
Or use Log Analytics to run custom queries:
ContainerLogV2
| where TimeGenerated > ago(1h)
| where Namespace == “container.azm.ms”
Summary
Azure’s shift to DCR-based monitoring for Container Insights introduces powerful capabilities for modern observability:
| Feature | Traditional Pipeline | New DCR Pipeline |
|---|---|---|
| Configuration Style | Portal/Basic CLI | Template-driven (ARM/Bicep/CLI) |
| Data Flexibility | Limited | High (filtering, routing, etc.) |
| Agent | OMS Agent | Azure Monitor Agent (AMA) |
| Control Level | Low | High |
Whether you’re running AKS for dev workloads or production-grade systems, adopting Container Insights with DCR ensures you’re equipped with actionable telemetry, reduced noise, and efficient operations.